Pre-launchengineering review within 1 business day. Submit now
qtvue
← All services

04 — Security & Hardening

Security & Firmware Hardening

Post-UniPwn (2025) — verified firmware, Bluetooth lockdown, isolated networks, and continuous monitoring. Legitimate hardening, never circumvention.

Scope

What's in. What's out.

In scope

  • Firmware verification (signature check, version pin)
  • Bluetooth and unused radio lockdown
  • Network isolation (VLAN, firewall, monitoring)
  • OTA update policy (signed updates, staged rollout)
  • Fleet inventory and per-device attestations
  • Incident response playbook (what to do if a robot is compromised)
  • Compliance documentation for enterprise security teams

Not in scope

  • Firmware jailbreaks, tier unlocks, or feature bypass (violates partner terms and warranty)
  • Custom backdoors or undocumented access paths (security liability)
  • Penetration testing of the Unitree platform itself (coordinate with Unitree)

Code

Same SDK the Unitree team uses.

Every service ships with a real, runnable snippet from the SDK we'd use on your project. No pseudocode.

firmware_verify.py
python
# Firmware verification — pinned version + signature
import hashlib
from unitree_sdk2py.firmware import verify_signature

PINNED_VERSION = ">=1.4.2"
EXPECTED_SHA = "a1b2c3d4..."  # pinned at deployment time

def harden(robot):
    fw = robot.read_firmware()
    assert fw.version >= PINNED_VERSION, f"Outdated firmware: {fw.version}"
    assert hashlib.sha256(fw.image).hexdigest() == EXPECTED_SHA, "Hash mismatch"
    verify_signature(fw)  # raises on bad signature
    robot.disable_bluetooth()
    robot.disable_undocumented_radios()
    robot.set_network_policy("isolated")
    log_attestation(robot, fw)

Get started

Submit your use case.

Tell us what you want to do. We'll tell you whether this service is the right fit, and what a realistic engagement looks like.

Submit your use case → Other services

Other services

The full stack.